The present invention relates to digital communications, and more particularly to the use of a digital message (such as a Virtual Object message encapsulated within an MPEG message), transmitted across any network (such as delivered via a broadband cable network), to deliver information to a digital consumer terminal. The mechanisms, messages and data structures, which allow a digital network to manage and utilize the authorization and security features for multiple applications in consumer terminals are described.
Various software applications, such as an electronic program guide (EPG), e-mail, web browser, shop or bank at home, stock ticker, and the like, can be written for digital terminals. These applications enhance the user's experience and increase the revenue for service providers and for equipment manufacturers.
However, the process of authorizing the terminals to acquire and enable the code objects for these applications places a burden on the limited resources of the security processor in the terminal. The applications are typically downloaded from a download server in the digital network and acquired by a downloader module in the digital terminal. The download server encapsulates small chunks of the application's object code into download messages, known, e.g., as Tune Download Channel Messages, which are MPEG2-compliant. The messages are inserted into the downstream path of the digital network for acquisition by the terminals. However, these messages are transmitted relatively frequently, e.g., in a carouselled manner.
Conventionally, each time the application data is received at the terminal, the security processor is required to determine whether the terminal is authorized to process the Tune Download Channel Message. If the terminal is authorized to process the message, the downloader module in the terminal tunes to a specified channel (PID stream) for the download messages containing the application object code. The download messages containing the object code for an application are normally transmitted in sequence, with sequence numbers, continuously and repeatedly (e.g., in a process known as carouselling) so that they are available in the download stream whenever a terminal finds a need to acquire them. Moreover, the object code for typical applications may be large, needing a large number of download messages to transmit the complete application. Hence, in order to minimize the acquisition time of an application by a terminal, it is advisable that the terminal can start acquiring download messages at any point in the transmission sequence of the object code.
As a result, the Tune Download Channel Messages (containing tier match decoder conditions) for an application are transmitted downstream frequently, which results in a significant authorization processing burden on the security processor.
Moreover, newer versions of terminal firmware will support a Multiple Applications Management (MAM) environment, such as described in co-pending, commonly-assigned PCT Application No. PCT/US99/24745, entitled "Method And Apparatus For Managing Multiple Applications In Large Scale Networks", filed Oct. 22, 1999.
A MAM environment allows multiple virtual applications to be downloaded into a terminal. Under MAM, the number of applications available to a terminal is expected to grow considerably, beyond the single traditional EPG application. As a result, it is expected and observed in tests, that the security processor will be burdened beyond its capacity for keeping up with authorization processing for the download of multiple applications. Moreover, the security processor will be impaired from performing other tasks, such as decrypting encrypted programming services, e.g., for pay-per-view, near-video-on-demand and other premium services.
Accordingly, it would be advantageous to provide a system that allows application data to be securely delivered to a terminal, yet reduces processing requirements of a security processor at the terminal.
Such a system should be much less expensive than currently available solutions in terms of security chip processing.
The present invention provides a system having the above and other advantages.
The present invention relates to security and authorization processing in digital terminals. The invention is particularly suitable for use when such terminals are operating in a Multiple Applications Management (MAM) environment in a digital network, but can be adapted for other uses as well that have a need to control the downloading and authorizing of applications at a terminal.
The invention reduces the overhead and expense of security chip processing in terminals for the processing of Tune Download Channel Messages (TDCMs) associated with large numbers of applications at the terminal. These TDCMs are transmitted very frequently by a controller in the digital network, and inform the terminals about which channel to tune to for acquiring the object code, and provide data for applications which can be enabled and executed on the terminals.
In particular, TDCMs may contain decoder conditionals in the message preamble portion of the MPEG message. A determination as to whether or not the terminal will continue to process the remainder of the message is based upon the success or failure of the decoder conditional terms. One such decoder conditional is a tier match condition, which is specified in the TDCM preamble.
An MPEG packet processor module within a terminal receives the MPEG messages. When the MPEG packet processor receives a TDCM containing a tier match decoder condition, the message is passed to a user processor. The user processor asks a message preamble handler to check if the terminal is authorized for processing the message. The message preamble handler interrogates the security processor module within the terminal, an example of which is the TSODA processor used in terminals manufactured by Motorola Corporation.
The security processor checks the tier match conditions specified for the TDCM against the authorization rights independently obtained by the terminal via Entitlement Management Messages (EMMs). A sequence of non-trivial processing is needed in the security processor to check the tier match authorization.
The invention bypasses the use of tier match decoder condition message preambles with TDCMs, thereby reducing the need for security chip processing. In particular, newly created messages processed by the MAM module in the terminals provide the authorization requirements of the applications. The MAM maintains the authorization states of applications in non-volatile memory.
In particular, when a TDCM is received by the downloader module in the terminal, the MAM informs the downloader about the authorization state of the application directly from the MAM's internal table. Thus, the security processor is not queried to see if an application in a download message is authorized for download. The security processor only need be queried when authorization rights of the terminal change, or when new application data or authorization requirements are received.
This avoids unnecessary repeat queries of the security processor, which would otherwise occur due to the repeated broadcast (carouselling) of the applications.
Moreover, backward compatibility is preserved for terminals which are not running MAM capable firmware (platform code).
A particular method for processing data in a digital user terminal includes the steps of providing data to the terminal that includes at least terminal authorization rights, configuration data, and download messages. The download messages include application data for applications that are executable on the terminal. The applications have associated required authorization requirements. The terminal authorization rights are processed at a security processor at the terminal to configure an authorization state of the terminal. Additionally, the configuration data is processed at a multiple applications manager (MAM) at the terminal to configure the terminal to receive the application data. The MAM queries the security processor to establish a database of the applications whose required authorization states correlate with the terminal's authorization state. Additionally, the download messages are processed to determine whether to download or discard the application data received at the terminal in accordance with the database.
A corresponding apparatus is also presented.
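The following is an added illustration, not code from the patent or from any terminal firmware: a small model of the MAM authorization table and of the download-or-discard method summarized above, showing that security processor queries track rights and configuration changes rather than carousel repetitions. All class, method and tier names are hypothetical, the tier match is assumed to be a subset test, unknown applications are assumed to be discarded, and the table is held in memory rather than non-volatile storage.

```python
class SecurityProcessor:
    """Stand-in for the terminal's security processor; counts tier-match queries."""
    def __init__(self):
        self.tiers = set()    # authorization rights delivered via EMMs
        self.queries = 0

    def apply_emm(self, tiers):
        self.tiers = set(tiers)

    def tier_match(self, required):
        self.queries += 1     # each call models the costly authorization check
        return set(required) <= self.tiers   # assumption: match = subset test


class MAM:
    """Holds per-application authorization state so the downloader never
    has to query the security processor for each download message."""
    def __init__(self, sp):
        self.sp = sp
        self.required = {}    # app_id -> tiers required (from configuration data)
        self.authorized = {}  # app_id -> bool (the MAM's internal table)

    def configure(self, app_id, required_tiers):
        # New application data or requirements: one query for this application.
        self.required[app_id] = frozenset(required_tiers)
        self.authorized[app_id] = self.sp.tier_match(required_tiers)

    def on_rights_changed(self):
        # Terminal rights changed: re-evaluate every known application once.
        for app_id, req in self.required.items():
            self.authorized[app_id] = self.sp.tier_match(req)

    def handle_download(self, app_id):
        # Table lookup only; applications not in the table are discarded.
        return "download" if self.authorized.get(app_id, False) else "discard"


def simulate(passes=1000):
    # Constructed scenario: two configured applications plus one unknown id.
    sp = SecurityProcessor()
    mam = MAM(sp)
    sp.apply_emm({"basic"})
    mam.configure("epg", {"basic"})
    mam.configure("bank", {"basic", "premium"})
    apps = ("epg", "bank", "unknown")
    first = [mam.handle_download(a) for _ in range(passes) for a in apps]
    before = sp.queries           # queries after 3 * passes download messages
    sp.apply_emm({"basic", "premium"})
    mam.on_rights_changed()
    return first[:3], before, mam.handle_download("bank"), sp.queries
```

With the preamble-based scheme the query count would grow with every carouselled message; in this model it stays at the number of configuration and rights-change events.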